[rt-users] Password Encryption Used By RT
Rich Lafferty
rich+rt at lafferty.ca
Fri Nov 8 13:47:11 EST 2002
On Fri, Nov 08, 2002 at 01:21:35PM -0500, Rich Lafferty <rich+rt at lafferty.ca> wrote:
> On Fri, Nov 08, 2002 at 10:41:39AM -0600, Rick Bradley <rt-users at rickbradley.com> wrote:
> > * John Gedeon (jgedeon at qualcomm.com) [021108 10:32]:
> > > I am evaluating the RT system and noticed that the passwords stored in the
> > > database are encrypted (good job i wasn't expecting that :) ) but I was
> > > wondering what algorithm was used. I hope its the same as unix based
> > > passwords I am hoping to be able to add the functionality that all users in
> > > RT that get greated by them sending in a request will have their unix
> > > password (and id which is usually their email address as well) be their rt
> > > pass. the easyiest way would ofcourse be cut encrypted pass from passfile
> > > and paste into rt user table, but I wanted to make sure the encryption was
> > > the same....
> >
> > The passwords are encrypted with crypt(). This is common for Unix
> > passwords, but not necessarily identical with what a particular system
> > uses. Many newer systems will use md5 login passwords which look a bit
> > different, function similarly, and use a completely different hashing
> > algorithm than crypt.
>
> No, crypt() uses more than one algorithm on most systems that support
> MD5 passwords, and figures out which to use by the hash.
Gnar. By the salt, of course.
$ perl -le 'print crypt("foo",q($1$abcdefgh))'
$1$abcdefgh$XxzGe9Muun7wTYbZO4sdr0
-Rich
--
Rich Lafferty --------------+-----------------------------------------------
Ottawa, Ontario, Canada | Save the Pacific Northwest Tree Octopus!
http://www.lafferty.ca/ | http://zapatopi.net/treeoctopus.html
rich at lafferty.ca -----------+-----------------------------------------------
More information about the rt-users
mailing list